AMENDMENT AND RESPONSE UNDER 37 CFR § 1.111

Serial Number: 10/017,835 Dkt: 884.437US1 (INTEL)
Filing Date: December 12, 2001 

Title: IDENTITY AUTHENTICATION PORTFOLIO SYSTEM 
Assignee: Intel Corporation 

IN THE CLAIMS 

Please amend the claims as follows: 

1. (Currently Amended) A method of providing an authentication service, comprising:

with an authentication server, relating a user identity to a set of a plurality of
authentication mechanisms, the user identity belonging to a user;

relating a type of transaction with a relying party to a level of authentication, the
relying party reliant on the authentication service to authenticate the user
before user access is provided to its service, program or information; and

authenticating the user identity through at least one authentication mechanism in
the set of the plurality of authentication mechanisms for the type of
transaction, according to the level of authentication, wherein the user is
granted or denied access to the service, program or information provided
by the relying party.

2. (Original) The method as recited in claim 1, further comprising: 

selecting the at least one authentication mechanism depending on the plurality of 
authentication mechanisms related with the user and the level of authentication. 

3. (Original) The method as recited in claim 1, further comprising: 
monitoring a series of authentications for the relying party to detect fraud. 

4. (Original) The method as recited in claim 1, wherein the authentication mechanisms in 
the set of authentication mechanisms are part of a distributed system. 

5. (Original) The method as recited in claim 3, wherein at least one of the authentication 
mechanisms is mobile. 

6. (Original) A computer-readable medium having computer-executable instructions for
performing the method as recited in claim 1.

7. (Currently Amended) A method of syndication, comprising:

offering an authentication service, the authentication service being capable of
authenticating a user identity with a plurality of authentication mechanisms, the
user identity belonging to a user;

rendering results of the authentication to at least one relying party, the relying party
reliant on the authentication service to authenticate the user before user access is
provided to its goods or services; [[and]]

dynamically making an authorization decision; and

distributing the authentication service to the at least one relying party wherein the at least
one relying party provides or does not provide a good or service to the user depending on the
authorization decision.

8. (Original) The method as recited in claim 7, wherein the at least one relying party 
integrates the authentication service together with other offerings. 

9. (Original) The method as recited in claim 7, wherein the dynamic authorization decision 
is based on a requested access level, authentication mechanisms used, and an account status. 

10. (Currently Amended) The method as recited in claim 7, further comprising: 
providing secure recovery from potential fraud without requiring re-registration of [[a]]
the user.

11. (Original) The method as recited in claim 7, further comprising:
charging the relying party for each authenticating event. 

12. (Original) A computer-readable medium having computer-executable instructions for 
performing the method as recited in claim 6. 

13. (Currently Amended) A method of registration, comprising:
authenticating a user having a user identity;

determining a level of user identity confirmation for a registration;

receiving a new authentication mechanism from the user;

receiving new authentication verification information; [[and]]

storing user identity information, the level of identity confirmation, and the new
authentication verification information in a database; and

sending the user identity information, the level of identity confirmation, and the new
authentication verification information.

14. (Original) The method as recited in claim 13, wherein authenticating the user is done by 
a registration server. 

15. (Original) The method as recited in claim 13, wherein authenticating the user is done by 
a registration agent. 

16. (Original) The method as recited in claim 13, wherein authenticating the user is 
performed by using an authentication mechanism stored in the database. 

17. (Original) The method as recited in claim 13, further comprising: 
receiving from the user, a request for registration. 

18. (Original) The method as recited in claim 17, wherein receiving the request for 
registration is done by an authentication server. 

19. (Original) The method as recited in claim 17, wherein receiving the request for 
registration is done by an authentication agent. 

20. (Original) The method as recited in claim 13, wherein determining the level of identity
confirmation for the registration is done by a registration server. 

21 . (Original) The method as recited in claim 13, wherein determining the level of identity 
confirmation for the registration is done by a registration agent. 

22. (Original) The method as recited in claim 13, wherein receiving new authentication 
verification information is done by a registration server. 

23. (Canceled) 

24. (Currently Amended) The method as recited in claim [[23]] 13, wherein sending is done 
from a registration server to an authentication server. 

25. (Currently Amended) The method as recited in claim [[23]] 13, wherein sending [[the user
identity information, the level of identity confirmation, and the authentication verification
information]] is done from a registration agent to a registration server.

26. (Currently Amended) The method as recited in claim [[23]] 13, further comprising 
sending pre-existing user information. 

27. (Currently Amended) A method of providing an authentication service, comprising: 
providing a list of supported authentication methods to authenticate at least one user;
receiving requirements for an authentication level from at least one relying party, the at
least one relying party reliant on the authentication service to authenticate the at
least one user before user access is provided to its service, program or
information;

receiving a selection of authentication methods from the at least one user;
receiving identification information for the at least one user;

producing a portfolio associated with the at least one user, the portfolio comprising the
list of authentication methods, each authentication method in the portfolio
meeting the selection of the at least one user, each authentication method in the
portfolio supported by an authentication system, the list of authentication methods
meeting the requirements for the authentication level from the at least one relying
party; and

relating the identification information to the portfolio for the at least one user.

28. (Original) The method as recited in claim 27, wherein receiving the selection is a subset 
of the list of supported authentication methods. 

29. (Original) The method as recited in claim 27, further comprising: 

storing the portfolio on an authentication server capable of providing the authentication 
service to the at least one relying party. 

30. (Original) The method as recited in claim 27, further comprising: 
providing a selection of authentication methods to the at least one user; 
receiving at least one selected authentication method from the at least one user; 
receiving authentication information required to perform authentication for each of the at
least one selected authentication methods;
wherein the portfolio includes the authentication information.

31. (Original) The method as recited in claim 27, further comprising:
authenticating, by the authentication system, the at least one user to the at least one
relying party.

32. (Original) The method as recited in claim 31, wherein authenticating the at least one user 
to the at least one relying party comprises: 

providing a challenge to the at least one user;

accepting a response to the challenge from the at least one user;

examining the response to the challenge to ensure its authenticity;

comparing authentication information received by the at least one user to the portfolio
associated with the at least one user; and

communicating an authentication result to the at least one relying party.

33. (Original) The method as recited in claim 27, wherein the at least one relying party is an 
online pharmacy and the at least one user is a doctor. 

34. (Original) The method as recited in claim 27, further comprising: 
adding a new authentication method to the portfolio. 

35. (Original) The method as recited in claim 34, wherein adding the new authentication 
method to the portfolio comprises: 

authenticating the at least one user using an authentication method already in the 
portfolio; 

receiving authentication information for the new authentication method; and 

storing the new authentication method and its authentication information in the portfolio. 

36. (Original) The method as recited in claim 27, further comprising: 

receiving notice of a potentially compromised authentication method in the portfolio;

authenticating the at least one user using an authentication method already in the
portfolio, but not using the potentially compromised authentication method; and

revoking the authentication information for the potentially compromised authentication
method in the portfolio associated with the at least one user.

37. (Original) The method as recited in claim 27, further comprising: 
monitoring authentication events for the at least one user; and 
detecting possible fraud for a suspect authentication method. 


38. (Original) The method as recited in claim 37, further comprising: 
authenticating the at least one user using an authentication method already in the
portfolio, but not using the suspect authentication method;

communicating the possible fraud to the at least one user; and

upon confirmation of fraud, revoking the suspect authentication method in the portfolio. 

39. (Original) The method as recited in claim 37, further comprising: 
automatically revoking the suspect authentication method in the portfolio; 
wherein the possible fraud is potentially serious fraud. 

40. (Original) A computer-readable medium having computer-executable instructions for 
performing the method as recited in claim 27. 

41. (Original) A method of authentication, comprising: 
requesting, by a user to a relying party, a protected service; 

sending, by the relying party, a description of the request to an authorization server; 
determining, by the authorization server, a first level of assurance; 
sending, by the authorization server to an authentication server, the first level of 
assurance; 

requesting, by an authentication server, authentication from the user; 
entering, by the user, authentication information into an authentication device; 
sending, by the authentication device to the authentication server, authentication 
information; 

verifying, by the authentication server, the authentication information using 
authentication verification information stored in a portfolio in a database that is associated with 
the user; 

computing, by the authentication server, a second level of assurance; 
evaluating whether the second level of assurance is high enough; 
sending, by the authentication server to the authorization server, a first success message, 
upon determining the second level of assurance is high enough; 
verifying, by the authorization server, information from the authentication server;
verifying, by the authorization server, that the user is allowed to perform the protected 
service; 

sending, by the authorization server to the relying party, a second success message, upon 
verification of the information from the authentication server and verification that the user is 
allowed to perform the protected service; and 

providing, by the relying party to the user, the protected service. 

42. (Original) The method as recited in claim 41, further comprising: 

requesting, by the authentication server to the user, authentication using at least one 
additional authentication method, upon determining the second level of assurance is not high 
enough. 

43. (Original) The method as recited in claim 42, further comprising: 

sending, by the authentication server to the authorization server, a first failure message 
and a reduced level of assurance, upon determining the user is unable to authenticate using the at 
least one additional authentication method; 

storing, by the authorization server, the reduced level of assurance; 

sending, by the authorization server to the relying party, a second failure message; and 

providing, by the relying party to the user, a third failure message. 
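The flow claimed in claims 41 through 43 (first level of assurance chosen from the transaction type as in claim 1, verification against the user's portfolio of claim 27, step-up to an additional method, and a failure message carrying the reduced level of assurance), modelled as an added example; this is constructed illustration code, not code from the application or from Intel. The assurance weights, transaction table, method names and the rule that the second level of assurance is the highest weight among verified methods are all assumptions.

```python
from dataclasses import dataclass, field
import hashlib
import hmac

# Constructed assurance weight per authentication method (the claims give no scale).
METHOD_ASSURANCE = {"password": 1, "otp_token": 2, "smartcard": 3}

# Transaction type -> required (first) level of assurance, the mapping of claim 1
# that the authorization server applies in claim 41. Values are constructed.
TRANSACTION_LOA = {"view_catalog": 1, "place_order": 2, "write_prescription": 3}


@dataclass
class Portfolio:
    """User portfolio (claim 27): method -> hashed verification information."""
    verification: dict
    revoked: set = field(default_factory=set)  # claims 36/38: compromised methods


def make_portfolio(secrets):
    """Registration step: store only a digest of each method's verification info."""
    return Portfolio({m: hashlib.sha256(s.encode()).hexdigest() for m, s in secrets.items()})


def verify_method(portfolio, method, presented):
    """Authentication server: check one presented secret against the portfolio,
    refusing any method that has been revoked as compromised."""
    if method in portfolio.revoked or method not in portfolio.verification:
        return False
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(portfolio.verification[method], digest)


def authenticate(portfolio, transaction, presented):
    """Server-side steps of claims 41-43. presented is the ordered list of
    (method, secret) pairs the user enters. While the second level of assurance
    (assumed: highest verified weight) is below the first level, one more method
    is requested (claim 42); if none is left, failure plus the reduced level (claim 43)."""
    required = TRANSACTION_LOA[transaction]
    achieved, log = 0, []
    for method, secret in presented:
        ok = verify_method(portfolio, method, secret)
        log.append(("verified" if ok else "failed") + " " + method)
        if ok:
            achieved = max(achieved, METHOD_ASSURANCE[method])
        if achieved >= required:
            return {"result": "success", "loa": achieved, "log": log}
        log.append("request additional method")
    return {"result": "failure", "loa": achieved, "log": log}
```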
